Every CVE whose affected-product data names Svelte Kit, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-67647 — CVSS 9.1 (critical): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.49.5, SvelteKit is vulnerable…
CVE-2024-23641 — CVSS 7.5 (high): SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app…
CVE-2026-22803 — CVSS 7.5 (high): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. From 2.49.0 to 2.49.4, the experimental…
CVE-2026-40073 — CVSS 7.5 (high): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain…
CVE-2026-40074 — CVSS 7.5 (high): SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called…